libpwquality-1.4.0

Introduction to libpwquality

The libpwquality package provides common functions for password quality checking and also scoring them based on their apparent randomness. The library also provides a function for generating random passwords with good pronounceability.

This package is known to build and work properly using an LFS-9.0 platform.

Package Information

libpwquality Dependencies

Required

CrackLib-2.9.7

Recommended

Optional

Python-2.7.16

User Notes: http://wiki.linuxfromscratch.org/blfs/wiki/libpwquality

Installation of libpwquality

Install libpwquality by running the following commands:

./configure --prefix=/usr --disable-static \
            --with-securedir=/lib/security \
            --with-python-binary=python3   &&
make

This package does not come with a test suite.

Now, as the root user:

make install

Command Explanations

--with-python-binary=python3: This parameter gives the location of the Python binary. The default is python, and requires Python-2.7.16.

Configuring Libpwquality

Libpwquality is intended to be a functional replacement for the pam_cracklib.so module with additional options. To replace the pam_cracklib.so module with the pam_pwquality.so module, execute the following commands as the root user:

mv /etc/pam.d/system-password{,.orig} &&
cat > /etc/pam.d/system-password << "EOF"
# Begin /etc/pam.d/system-password

# check new passwords for strength (man pam_pwquality)
password  required    pam_pwquality.so   authtok_type=UNIX retry=1 difok=1 \
                                         minlen=8 dcredit=0 ucredit=0 \
                                         lcredit=0 ocredit=0 minclass=1 \
                                         maxrepeat=0 maxsequence=0 \
                                         maxclassrepeat=0 geoscheck=0 \
                                         dictcheck=1 usercheck=1 \
                                         enforcing=1 badwords="" \
                                         dictpath=/lib/cracklib/pw_dict
# use sha512 hash for encryption, use shadow, and use the
# authentication token (chosen password) set by pam_pwquality
# above (or any previous modules)
password  required    pam_unix.so        sha512 shadow use_authtok

# End /etc/pam.d/system-password
EOF

Contents

Installed Programs: pwscore and pwmake
Installed Libraries: pam_pwquality.so and libpwquality.so
Installed Directories: None

Short Descriptions

pwmake

is a simple configurable tool for generating random and relatively easily pronounceable passwords.

pwscore

is a simple tool for checking quality of a password.

libpwquality.so

contains API functions for checking the password quality.

pam_pwquality.so

is a Linux PAM module used to perform password quality checking.

Last updated on 2015-09-25 08:48:24 -0500